[go: up one dir, main page]

US20040026517A1 - Layered SIM card and security function - Google Patents

Layered SIM card and security function Download PDF

Info

Publication number
US20040026517A1
US20040026517A1 US10/360,011 US36001103A US2004026517A1 US 20040026517 A1 US20040026517 A1 US 20040026517A1 US 36001103 A US36001103 A US 36001103A US 2004026517 A1 US2004026517 A1 US 2004026517A1
Authority
US
United States
Prior art keywords
software
smart card
services
mobile terminal
security function
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
US10/360,011
Other versions
US7240830B2 (en
Inventor
Bernd Moller
Matthias Esswein
Rickard Svedenmark
Elmar Kirchner
Bernard Smeets
Michael Bock
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Telefonaktiebolaget LM Ericsson AB
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to US10/360,011 priority Critical patent/US7240830B2/en
Priority to JP2003568904A priority patent/JP4554937B2/en
Priority to EP03739478A priority patent/EP1486081A2/en
Priority to AU2003210252A priority patent/AU2003210252A1/en
Priority to PCT/EP2003/001373 priority patent/WO2003069922A2/en
Assigned to TELEFONAKTIEBOLAGET L M ERICSSON (PUBL) reassignment TELEFONAKTIEBOLAGET L M ERICSSON (PUBL) ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: ESSWEIN, MATTHIAS, KIRCHNER, ELMAR, BOCK, MICHAEL, MOLLER, BERND, SVEDENMARK, RICKARD, SMEETS, BERNARD
Publication of US20040026517A1 publication Critical patent/US20040026517A1/en
Application granted granted Critical
Publication of US7240830B2 publication Critical patent/US7240830B2/en
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/356Aspects of software for card payments
    • G06Q20/3563Software being resident on card

Definitions

  • the present invention relates generally to the field of wireless telecommunications; and, more particularly, to a smart card and a smart card and security function system for a mobile terminal for a wireless telecommunications system.
  • Smart cards are the main secure carriers of private/secret (key) information to authorize electronic access and/or transactions via a mobile terminal of a cellular telecommunications system.
  • smart cards such as SIM (Subscriber Identity Module) cards and WIM (WAP Identity Module) cards, or combined SIM/WIM cards, are used to securely store user credentials (and keys) to identify the user and to bind the user to a specific transaction, e.g., an electronic purchase.
  • SIM Subscriber Identity Module
  • WIM WAP Identity Module
  • ICCs Integrated Circuit Cards
  • a mobile terminal will have to handle different smart cards.
  • the lowest level for accessing the information on a smart card can be the mechanical elements that make electrical contact between the mobile terminal and the smart card, or a system that makes a wireless radio or optical (e.g., infrared) contact.
  • API Application Interface
  • mobile terminal software developers can build the driver software through which the security functions in the mobile terminal can gain access to the smart card.
  • Unfortunately there does not exist one API standard, and this leads to multiple implementations of the software to use the card capabilities. This, in turn, increases the cost of code storage and code development.
  • the present invention provides a smart card and a smart card and security function system for a mobile terminal for a wireless telecommunications system that permits an efficient software design in the mobile terminal with a resultant reduction in overall development costs.
  • a smart card for a mobile terminal for a wireless telecommunications system includes a software services component in which software is organized in at least one functional software unit and in a plurality of software layers arranged in order from software layers providing higher level services to software layers providing lower level services, and at least one software module in each software layer.
  • the smart card further includes means for providing access to information and services provided by the smart card.
  • the software architecture according to exemplary embodiments of the present invention differs from the standard ISO/OSI (ISO Open Systems Interconnection) model in that it includes a plurality of horizontally partitioned functional software units that complement a plurality of vertically partitioned software layers.
  • the horizontal partitioning contributes significantly to the creation of independent modular (service) components.
  • the smart card may include payment server applications that utilize software of the software services component of the smart card, or the smart card may have no payment server applications and be controlled directly by the mobile terminal.
  • the smart card may be removably mounted in a mobile terminal or built-in to the mobile terminal.
  • FIG. 1 is a block diagram that schematically illustrates a smart card for a mobile terminal for a wireless telecommunications system according to an exemplary embodiment of the present invention
  • FIG. 2 is a block diagram that schematically illustrates a layered modular smart card and security function system for a mobile terminal for a wireless telecommunications system according to another exemplary embodiment of the present invention
  • FIG. 3 is a block diagram that schematically illustrates a layered modular smart card and security function system for a mobile terminal for a wireless telecommunications system according to another exemplary embodiment of the present invention
  • FIG. 4 is a block diagram that schematically illustrates a smart card for a mobile terminal for a wireless telecommunications system according to another exemplary embodiment of the present invention.
  • FIG. 5 is a flow chart that illustrates steps of a method for providing a security function for a mobile terminal for a wireless telecommunications system according to another exemplary embodiment of the present invention.
  • FIG. 1 is a block diagram that schematically illustrates a smart card for a mobile terminal for a wireless telecommunications system such as a cellular telecommunications system according to an exemplary embodiment of the present invention.
  • the smart card which may, for example, comprise a SIM card, a WIM card or a combined SIM/WIM card, is generally designated by reference number 10 , and comprises one or more payment services 12 (referred to as payment server applications), an interface component 14 , a software services component 16 used by the payment server applications and a hardware component 18 .
  • FIG. 1 In the exemplary embodiment illustrated in FIG. 1, three payment server applications are provided, an electronic payment plug-in server application 20 , an electronic payment Java server application 22 and an electronic payment native server application 24 .
  • These payment server applications are implemented using different execution environments. In current smart cards, only one execution environment may exist on a single smart card (e.g., on a so-called Java card ICC); however, it is anticipated that future smart cards will provide the possibility of supporting different environments. It should be understood, accordingly, that the present invention is intended to cover smart cards having one or more execution environments for implementing one or more payment server applications.
  • Software services component 16 comprises a plurality of well-structured functional software units for providing services to the payment server applications 12 via the interface component 14 .
  • the plurality of functional software units comprise a plurality of vertically oriented functional software stacks including communications services stack 30 , security services stack 32 and basic services stack 34 .
  • the interface component 14 preferably comprises a middleware services layer that includes one or more application interfaces (APIs) for one or more payment server applications.
  • the middleware services layer also functions to isolate the software services component 16 of the smart card from the payment server applications 12 except via the one or more interfaces. Accordingly, with the smart card of the present invention, the middleware services layer provides a separation between the server application software and the software of the software services component. As a result, the server application software and the software of the software services component can be developed separately.
  • the software of the software services component 16 in addition to being organized into a plurality of vertical, functional software stacks 30 , 32 and 34 as described above, is also arranged to define, together with the server application software, a plurality of horizontal layers arranged in a descending order from a higher level service layer to a lower level service layer.
  • the highest level layer (the top layer) of the layered architecture comprises the one or more payment server applications 12 , and the remaining layers comprise the software layers of the software services component.
  • the software of the software services component is organized into a plurality of software modules, e.g., modules 40 and 42 .
  • modules 40 and 42 e.g., modules 40 and 42 .
  • a single module can reside in only one functional stack and in only one horizontal layer within that stack.
  • Each layer can contain from one to many modules and all the modules in a particular layer and in a particular functional stack have the same level of abstraction.
  • Communication among the various modules is accomplished via a Software Back Plane (SwBP), such as schematically illustrated at 46 , subject to a set of basic rules for module-to-module access.
  • SwBP Software Back Plane
  • a software module may invoke functionality in all layer interfaces below its own layer.
  • a software module may never invoke functionality in layer interfaces (in the SwBP) above its own layer, independent of to which module the layers belong.
  • a software module may invoke functionality in the layer interface in its own layer in the same vertical stack.
  • a software module may invoke functionality in a software module in the same layer in another vertical stack. (This capability is permitted to limit the number of layers in the vertical stacks, and is preferably kept to a minimum.)
  • the communications services stack 30 includes modules for providing communication services, a smart card protocol engine, logical drivers and physical device drivers.
  • the security services stack 32 includes modules for providing security functions including certificate services, cryptographic services, public-key cryptographic services and symmetric key cryptographic services; as well as modules for providing logical drivers and physical device drivers (as schematically illustrated in FIG. 1, communication between the logical drivers modules and the physical drivers modules in the communication services stack and the security services stack is permitted notwithstanding that they are in different stacks in order to reduce the overall number of modules that are required in the smart card).
  • the basic services functional stack 34 includes modules for providing a smart card command engine, access control, operating system services, and bootstrap services.
  • the hardware component 18 comprises a plurality of hardware units including various 10 hardware units, a cryptographic hardware unit and hardware units relating to memory and memory management, various timers, clocks and sensors.
  • FIG. 1 illustrates a realization supporting not only the traditional use of smart cards, but also the use of smart card functionality in a mobile terminal as a built-in (non-removable) component.
  • FIG. 2 is a block diagram that schematically illustrates a layered modular smart card and security function system for a mobile terminal for a wireless telecommunications system according to another exemplary embodiment of the present invention.
  • the mobile terminal is generally designated by reference number 50 , and includes a plurality of smart cards including removable smart cards 52 and 54 , and a built-in smart card 56 .
  • the mobile terminal 50 in FIG. 2 includes a platform system that comprises electronic payment application software 60 , and a mobile terminal platform assembly 62 that includes a middleware services layer 64 and a software services component 66 .
  • software services component 66 is also provided with a layered, modular functional architecture, and specific details of the platform system and the layered architecture are described in commonly assigned copending U.S. Patent Application Serial Nos. [Attorney Docket 53807-00045USPT and Attorney Docket 53807-00023USPT], the disclosures of which are incorporated herein by reference.
  • the software architecture of a smart card is similar to and complements the software architecture described in the above-referenced copending applications in that both are organized into vertically oriented functional software stacks and horizontal software layers.
  • FIG. 2 only the relevant parts, being the security services stack and the basic services stack, are illustrated.
  • the shaded boxes in FIG. 2 illustrate software modules that relate to the smart card or the provided smart card services.
  • FIG. 3 is a block diagram that schematically illustrates a layered modular smart card and security function system for a mobile terminal 80 for a wireless telecommunications system according to another exemplary embodiment of the present invention.
  • the system of FIG. 3 extends the smart card and security function system of FIG. 2 with the capability of directly addressing the smart card command engine module (identified by reference number 82 in FIG. 3).
  • the embodiment of FIG. 3 thus realizes a straightforward method for the mobile terminal to utilize the cryptographic hardware of a smart card, for example, the built-in smart card 84 .
  • FIG. 3 also illustrates the advantage of the layered, modular functional approach as it suffices to add only one module to extend the generic cryptographic services module 86 of the software services component 88 of the mobile terminal 80 .
  • FIG. 4 is a block diagram that schematically illustrates a smart card for a mobile terminal for a wireless telecommunications system according to another exemplary embodiment of the present invention.
  • FIG. 4 illustrates a smart card 100 that has no payment server applications, but is controlled directly by the mobile terminal.
  • the smart card because the smart card has no payment server applications, the smart card also does not require the middleware services layer, and comprises only the software services component 16 and the hardware component 18 .
  • the smart card may be built-in or removable from the mobile terminal.
  • FIG. 5 is a flow chart that illustrates steps of a method for providing a security function for a mobile terminal for a wireless telecommunications system according to another exemplary embodiment of the present invention.
  • the method is generally designated by reference number 120 and includes the steps of providing a smart card that has security function software (step 122 ), and providing a mobile terminal that has security function software (step 124 ).
  • the smart card security function software is organized in at least one functional software unit and in a plurality of software layers arranged in order from software layers providing higher level services to software layers providing lower level services, and at least one software module in each software layer.
  • the method further includes the step of the mobile terminal accessing and using information and services provided by the smart card to provide a desired security function for the mobile terminal (step 126 ).
  • the smart card can be built-in to the mobile terminal or may be a separate component adapted to be removably mounted in the mobile terminal.
  • the present invention provides a smart card for a mobile terminal for a wireless telecommunications system that provides for a reduction in software development costs for the mobile terminal, not only during initial design and testing but also during the design and introduction of upgrades or other enhancements, i.e., the ability to support additional smart cards or additional functionality.

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Accounting & Taxation (AREA)
  • Strategic Management (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Telephone Function (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephone Set Structure (AREA)

Abstract

A smart card and a smart card and security function system for a mobile terminal for a wireless telecommunications system. The smart card includes a software services component in which software is organized in at least one functional software unit and in a plurality of software layers arranged in order from software layers providing higher level services to software layers providing lower level services, and at least one software module in each software layer. The smart card further includes means for providing access to information and services provided by the smart card.

Description

  • This application claims the benefit of copending U.S. Provisional Patent Application Serial No. 60/357,291 filed on Feb. 15, 2002, U.S. Provisional Patent Application Serial No. 60/412,756 filed on Sep. 23, 2002, and U.S. Provisional Patent application Serial No. 60/412,763 filed on Sep. 23, 2002.[0001]
    • BACKGROUND OF THE INVENTION
  • 1. Technical Field of the Invention [0002]
  • The present invention relates generally to the field of wireless telecommunications; and, more particularly, to a smart card and a smart card and security function system for a mobile terminal for a wireless telecommunications system. [0003]
  • 2. Description of Related Art [0004]
  • Smart cards are the main secure carriers of private/secret (key) information to authorize electronic access and/or transactions via a mobile terminal of a cellular telecommunications system. In current cellular telecommunications systems, smart cards such as SIM (Subscriber Identity Module) cards and WIM (WAP Identity Module) cards, or combined SIM/WIM cards, are used to securely store user credentials (and keys) to identify the user and to bind the user to a specific transaction, e.g., an electronic purchase. These smart cards comprise so-called ICCs (Integrated Circuit Cards) that are programmed for a specific service/use. Through standardized interfaces (both electrical and logical), a mobile terminal can access information and services provided by the smart card and provide the desired security functions. [0005]
  • Current mobile terminals have only a limited capability to support secure electronic payment services and other secure transactions via a wireless connection; and, in general, smart cards have been used only as carriers of private/secret information and associated services (e.g., electronic signing of data with a private/secret key on the card). [0006]
  • In the future, a mobile terminal will have to handle different smart cards. The lowest level for accessing the information on a smart card can be the mechanical elements that make electrical contact between the mobile terminal and the smart card, or a system that makes a wireless radio or optical (e.g., infrared) contact. By adhering to an API (Application Interface) standard (such as the standard specified in the WIM specifications), mobile terminal software developers can build the driver software through which the security functions in the mobile terminal can gain access to the smart card. Unfortunately, there does not exist one API standard, and this leads to multiple implementations of the software to use the card capabilities. This, in turn, increases the cost of code storage and code development. [0007]
  • Furthermore, due to increased demands for security in mobile terminals, there is and will continue to be a need to handle private/secret data in the mobile terminal. In principle, it is possible to turn the main processing circuit in the mobile terminal into a tamper resistant device such as a smart card. This is not an attractive option, however, as the increased security requirements would effect the design and the production process of the complete ASIC of the main processing circuit (for example, the need for special shielding, tamper detection mechanisms, redesign of signal flow to reduce signal leakage, and the like). [0008]
  • In general, the expected wider use of the capabilities of smart cards requires an efficient system design (software architecture) that allows efficient software development in a mobile terminal in which storage resources are limited and which contribute significantly to the overall cost of the mobile terminal. [0009]
    • SUMMARY OF THE INVENTION
  • The present invention provides a smart card and a smart card and security function system for a mobile terminal for a wireless telecommunications system that permits an efficient software design in the mobile terminal with a resultant reduction in overall development costs. [0010]
  • A smart card for a mobile terminal for a wireless telecommunications system according to the present invention includes a software services component in which software is organized in at least one functional software unit and in a plurality of software layers arranged in order from software layers providing higher level services to software layers providing lower level services, and at least one software module in each software layer. The smart card further includes means for providing access to information and services provided by the smart card. [0011]
  • It has been discovered that by providing a layered, modular software architecture to implement the functionality on a smart card, more efficient software development in mobile terminals is provided that permits a reduction in overall development costs and facilitates the introduction of enhancements to the mobile terminal. [0012]
  • The software architecture according to exemplary embodiments of the present invention differs from the standard ISO/OSI (ISO Open Systems Interconnection) model in that it includes a plurality of horizontally partitioned functional software units that complement a plurality of vertically partitioned software layers. The horizontal partitioning contributes significantly to the creation of independent modular (service) components. [0013]
  • According to exemplary embodiments of the present invention, the smart card may include payment server applications that utilize software of the software services component of the smart card, or the smart card may have no payment server applications and be controlled directly by the mobile terminal. According to further exemplary embodiments of the invention, the smart card may be removably mounted in a mobile terminal or built-in to the mobile terminal. [0014]
  • Further advantages and specific details of the present invention will become apparent hereinafter from the detailed description given below in conjunction with the following drawings.[0015]
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 is a block diagram that schematically illustrates a smart card for a mobile terminal for a wireless telecommunications system according to an exemplary embodiment of the present invention; [0016]
  • FIG. 2 is a block diagram that schematically illustrates a layered modular smart card and security function system for a mobile terminal for a wireless telecommunications system according to another exemplary embodiment of the present invention; [0017]
  • FIG. 3 is a block diagram that schematically illustrates a layered modular smart card and security function system for a mobile terminal for a wireless telecommunications system according to another exemplary embodiment of the present invention; [0018]
  • FIG. 4 is a block diagram that schematically illustrates a smart card for a mobile terminal for a wireless telecommunications system according to another exemplary embodiment of the present invention; and [0019]
  • FIG. 5 is a flow chart that illustrates steps of a method for providing a security function for a mobile terminal for a wireless telecommunications system according to another exemplary embodiment of the present invention. [0020]
    • DETAILED DESCRIPTION OF THE EXEMPLARY EMBODIMENTS OF THE INVENTION
  • FIG. 1 is a block diagram that schematically illustrates a smart card for a mobile terminal for a wireless telecommunications system such as a cellular telecommunications system according to an exemplary embodiment of the present invention. The smart card, which may, for example, comprise a SIM card, a WIM card or a combined SIM/WIM card, is generally designated by [0021] reference number 10, and comprises one or more payment services 12 (referred to as payment server applications), an interface component 14, a software services component 16 used by the payment server applications and a hardware component 18.
  • In the exemplary embodiment illustrated in FIG. 1, three payment server applications are provided, an electronic payment plug-in [0022] server application 20, an electronic payment Java server application 22 and an electronic payment native server application 24. These payment server applications are implemented using different execution environments. In current smart cards, only one execution environment may exist on a single smart card (e.g., on a so-called Java card ICC); however, it is anticipated that future smart cards will provide the possibility of supporting different environments. It should be understood, accordingly, that the present invention is intended to cover smart cards having one or more execution environments for implementing one or more payment server applications.
  • [0023] Software services component 16 comprises a plurality of well-structured functional software units for providing services to the payment server applications 12 via the interface component 14. In the illustrated embodiment of FIG. 1, the plurality of functional software units comprise a plurality of vertically oriented functional software stacks including communications services stack 30, security services stack 32 and basic services stack 34.
  • The [0024] interface component 14 preferably comprises a middleware services layer that includes one or more application interfaces (APIs) for one or more payment server applications. The middleware services layer also functions to isolate the software services component 16 of the smart card from the payment server applications 12 except via the one or more interfaces. Accordingly, with the smart card of the present invention, the middleware services layer provides a separation between the server application software and the software of the software services component. As a result, the server application software and the software of the software services component can be developed separately.
  • As shown in FIG. 1, the software of the [0025] software services component 16, in addition to being organized into a plurality of vertical, functional software stacks 30, 32 and 34 as described above, is also arranged to define, together with the server application software, a plurality of horizontal layers arranged in a descending order from a higher level service layer to a lower level service layer.
  • The highest level layer (the top layer) of the layered architecture comprises the one or more [0026] payment server applications 12, and the remaining layers comprise the software layers of the software services component. The software of the software services component is organized into a plurality of software modules, e.g., modules 40 and 42. In software services component 16, a single module can reside in only one functional stack and in only one horizontal layer within that stack. Each layer can contain from one to many modules and all the modules in a particular layer and in a particular functional stack have the same level of abstraction. Communication among the various modules is accomplished via a Software Back Plane (SwBP), such as schematically illustrated at 46, subject to a set of basic rules for module-to-module access. These rules can be summarized as follows:
  • A software module may invoke functionality in all layer interfaces below its own layer. [0027]
  • There are no limitations for the direction of channel events or data streams. They may go in any direction. [0028]
  • A software module may never invoke functionality in layer interfaces (in the SwBP) above its own layer, independent of to which module the layers belong. [0029]
  • A software module may invoke functionality in the layer interface in its own layer in the same vertical stack. [0030]
  • A software module may invoke functionality in a software module in the same layer in another vertical stack. (This capability is permitted to limit the number of layers in the vertical stacks, and is preferably kept to a minimum.) [0031]
  • There is no hard coupling between the various modules and the interfaces in the SwBP. As a result, modules can be added, removed or changed without affecting other modules in the smart card. [0032]
  • In the exemplary embodiment of FIG. 1 the communications services stack [0033] 30 includes modules for providing communication services, a smart card protocol engine, logical drivers and physical device drivers. The security services stack 32 includes modules for providing security functions including certificate services, cryptographic services, public-key cryptographic services and symmetric key cryptographic services; as well as modules for providing logical drivers and physical device drivers (as schematically illustrated in FIG. 1, communication between the logical drivers modules and the physical drivers modules in the communication services stack and the security services stack is permitted notwithstanding that they are in different stacks in order to reduce the overall number of modules that are required in the smart card).
  • The basic services [0034] functional stack 34 includes modules for providing a smart card command engine, access control, operating system services, and bootstrap services.
  • The [0035] hardware component 18 comprises a plurality of hardware units including various 10 hardware units, a cryptographic hardware unit and hardware units relating to memory and memory management, various timers, clocks and sensors.
  • It should be understood that the exemplary smart card shown in FIG. 1 illustrates a realization supporting not only the traditional use of smart cards, but also the use of smart card functionality in a mobile terminal as a built-in (non-removable) component. [0036]
  • FIG. 2 is a block diagram that schematically illustrates a layered modular smart card and security function system for a mobile terminal for a wireless telecommunications system according to another exemplary embodiment of the present invention. In the exemplary embodiment of FIG. 2, the mobile terminal is generally designated by [0037] reference number 50, and includes a plurality of smart cards including removable smart cards 52 and 54, and a built-in smart card 56. The mobile terminal 50 in FIG. 2 includes a platform system that comprises electronic payment application software 60, and a mobile terminal platform assembly 62 that includes a middleware services layer 64 and a software services component 66. As shown, software services component 66 is also provided with a layered, modular functional architecture, and specific details of the platform system and the layered architecture are described in commonly assigned copending U.S. Patent Application Serial Nos. [Attorney Docket 53807-00045USPT and Attorney Docket 53807-00023USPT], the disclosures of which are incorporated herein by reference.
  • In general, it should be appreciated that the software architecture of a smart card according to exemplary embodiments of the present invention is similar to and complements the software architecture described in the above-referenced copending applications in that both are organized into vertically oriented functional software stacks and horizontal software layers. [0038]
  • In FIG. 2, only the relevant parts, being the security services stack and the basic services stack, are illustrated. The shaded boxes in FIG. 2 illustrate software modules that relate to the smart card or the provided smart card services. [0039]
  • FIG. 3 is a block diagram that schematically illustrates a layered modular smart card and security function system for a [0040] mobile terminal 80 for a wireless telecommunications system according to another exemplary embodiment of the present invention. The system of FIG. 3 extends the smart card and security function system of FIG. 2 with the capability of directly addressing the smart card command engine module (identified by reference number 82 in FIG. 3). The embodiment of FIG. 3 thus realizes a straightforward method for the mobile terminal to utilize the cryptographic hardware of a smart card, for example, the built-in smart card 84. FIG. 3 also illustrates the advantage of the layered, modular functional approach as it suffices to add only one module to extend the generic cryptographic services module 86 of the software services component 88 of the mobile terminal 80.
  • FIG. 4 is a block diagram that schematically illustrates a smart card for a mobile terminal for a wireless telecommunications system according to another exemplary embodiment of the present invention. FIG. 4 illustrates a [0041] smart card 100 that has no payment server applications, but is controlled directly by the mobile terminal. As shown, because the smart card has no payment server applications, the smart card also does not require the middleware services layer, and comprises only the software services component 16 and the hardware component 18. As in the embodiment of FIG. 1, the smart card may be built-in or removable from the mobile terminal.
  • FIG. 5 is a flow chart that illustrates steps of a method for providing a security function for a mobile terminal for a wireless telecommunications system according to another exemplary embodiment of the present invention. The method is generally designated by reference number [0042] 120 and includes the steps of providing a smart card that has security function software (step 122), and providing a mobile terminal that has security function software (step 124). The smart card security function software is organized in at least one functional software unit and in a plurality of software layers arranged in order from software layers providing higher level services to software layers providing lower level services, and at least one software module in each software layer. The method further includes the step of the mobile terminal accessing and using information and services provided by the smart card to provide a desired security function for the mobile terminal (step 126). As mentioned previously, the smart card can be built-in to the mobile terminal or may be a separate component adapted to be removably mounted in the mobile terminal.
  • In general, the present invention provides a smart card for a mobile terminal for a wireless telecommunications system that provides for a reduction in software development costs for the mobile terminal, not only during initial design and testing but also during the design and introduction of upgrades or other enhancements, i.e., the ability to support additional smart cards or additional functionality. [0043]
  • While what has been described constitutes exemplary embodiments of the present invention, it should be recognized that the invention can be varied in many ways without departing therefrom. Because the invention can be varied in numerous ways, it should be understood that the invention should be limited only insofar as is required by the scope of the following claims. [0044]

Claims (23)

We claim:
1. A smart card for a mobile terminal for a wirelee telecommunications system, comprising:
a software services component including software organized in at least one functional software unit and in a plurality of software layers arranged in order from software layers providing higher level services to software layers providing lower level services, and at least one software module in each software layer; and
means for providing access to information and services provided by the smart card.
2. The smart card according to claim 1, and further including a Software Back Plane for permitting communication among software modules in said plurality of software layers pursuant to a set of defined dependency rules.
3. The smart card according to claim 2, wherein said set of defined dependency rules includes a rule that a software module in a software layer may only invoke functionality in an interface in its own Software Back Plane or in Software Back Planes of software layers below its own Software Back Plane, and a rule that a software module may never invoke functionality in an interface in a Software Back Plane of a software layer above its own software layer.
4. The smart card according to claim 1, wherein said at least one functional software unit comprises at least one vertical functional software stack.
5. The smart card according to claim 4, wherein said at least one vertical functional software stack includes a security services software stack and a basic services software stack.
6. The smart card according to claim 1, and further including at least one payment server application, and a middleware services layer for providing an interface between the at least one payment server application and said software services component.
7. The smart card according to claim 6, wherein said at least one payment server application comprises a plurality of payment server applications.
8. The smart card according to claim 7, wherein said plurality of payment server applications includes an electronic payment plug-in server application, an electronic payment Java server application, and an electronic payment native server application.
9. The smart card according to claim 1, wherein said smart card is adapted to be removably mounted in said mobile terminal.
10. The smart card according to claim 1, wherein said smart card is built-in to said mobile terminal.
11. A smart card and security function system for a mobile terminal for a wireless telecommunications system, comprising:
a smart card including a software services component including software organized in at least one functional software unit and in a plurality of software layers arranged in order from software layers providing higher level services to software layers providing lower level services, and at least one software module in each software layer;
security function software in said mobile terminal; and
access means by which the mobile terminal can access information and services provided by the smart card to provide a desired security function.
12. The smart card and security function system according to claim 11, wherein said smart card further includes a Software Back Plane for permitting communication among software modules in said plurality of software layers pursuant to a set of defined dependency rules.
13. The smart card and security function system according to claim 12, wherein said set of defined dependency rules includes a rule that a software module in a software layer may only invoke functionality in an interface in its own Software Back Plane or in Software Back Planes of software layers below its own Software Back Plane, and a rule that a software module may never invoke functionality in an interface in a Software Back Plane of a software layer above its own software layer.
14. The smart card and security function system according to claim 11, wherein said at least one functional software unit comprises at least one vertical functional software stack.
15. The smart card and security function system according to claim 14, wherein said at least one vertical functional software stack includes a security services software stack and a basic services software stack.
16. The smart card and security function system according to claim 11, wherein said smart card further includes at least one payment server application, and a middleware services layer for providing an interface between the at least one payment server application and said software services component.
17. The smart card and security function system according to claim 16, wherein said at least one payment server application comprises a plurality of payment server applications.
18. The smart card and security function system according to claim 17, wherein said plurality of payment server applications includes an electronic payment plug-in server application, an electronic payment Java server application, and an electronic payment native server application.
19. The smart card and security function system according to claim 11, wherein said smart card is adapted to be removably mounted in said mobile terminal.
20. The smart card and security function system according to claim 11, wherein said smart card is built-in to said mobile terminal.
21. A method for providing a security function for a mobile terminal for a wireless telecommunications system, comprising:
providing a smart card that has security function software, said security function software including software organized in at least one functional software unit and in a plurality of software layers arranged in order from software layers providing higher level services to software layers providing lower level services, and at least one software module in each software layer;
providing a mobile terminal that has security function software; and
said mobile terminal accessing and using information and services provided by the smart card to provide a desired security function.
22. The method according to claim 21, further including removably mounting said smart card in said mobile terminal.
23. The method according to claim 21, further including building said smart card into said mobile terminal.
US10/360,011 2002-02-15 2003-02-07 Layered SIM card and security function Expired - Lifetime US7240830B2 (en)

Priority Applications (5)

Application Number Priority Date Filing Date Title
US10/360,011 US7240830B2 (en) 2002-02-15 2003-02-07 Layered SIM card and security function
JP2003568904A JP4554937B2 (en) 2002-02-15 2003-02-12 Layered SIM card and security function
EP03739478A EP1486081A2 (en) 2002-02-15 2003-02-12 Layered sim card and security function
AU2003210252A AU2003210252A1 (en) 2002-02-15 2003-02-12 Layered sim card and security function
PCT/EP2003/001373 WO2003069922A2 (en) 2002-02-15 2003-02-12 Layered sim card and security function

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US35729102P 2002-02-15 2002-02-15
US41276302P 2002-09-23 2002-09-23
US41275602P 2002-09-23 2002-09-23
US10/360,011 US7240830B2 (en) 2002-02-15 2003-02-07 Layered SIM card and security function

Publications (2)

Publication Number Publication Date
US20040026517A1 true US20040026517A1 (en) 2004-02-12
US7240830B2 US7240830B2 (en) 2007-07-10

Family

ID=27739380

Family Applications (1)

Application Number Title Priority Date Filing Date
US10/360,011 Expired - Lifetime US7240830B2 (en) 2002-02-15 2003-02-07 Layered SIM card and security function

Country Status (5)

Country Link
US (1) US7240830B2 (en)
EP (1) EP1486081A2 (en)
JP (1) JP4554937B2 (en)
AU (1) AU2003210252A1 (en)
WO (1) WO2003069922A2 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090020603A1 (en) * 2004-11-30 2009-01-22 Gemplus Method, a System and a Microcontroller Card for Communicating Application Services from a Microcontroller Card to a Terminal
US7766237B2 (en) 2003-10-23 2010-08-03 Sony Corporation Mobile radio communication apparatus

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7543331B2 (en) * 2003-12-22 2009-06-02 Sun Microsystems, Inc. Framework for providing a configurable firewall for computing systems
EP1728156A2 (en) * 2004-03-04 2006-12-06 Axalto SA A secure sharing of resources between applications in independent execution environments in a retrievable token (e.g smart card)
KR101611649B1 (en) 2008-01-18 2016-04-26 인터디지탈 패튼 홀딩스, 인크 Method and apparatus for enabling machine to machine communication
TW201728196A (en) 2009-03-05 2017-08-01 內數位專利控股公司 Method and apparatus for H(e)NB integrity verification and validation
TW201728195A (en) 2009-03-06 2017-08-01 內數位專利控股公司 Platform validation and management of wireless devices
KR101703925B1 (en) 2010-11-05 2017-02-07 인터디지탈 패튼 홀딩스, 인크 Device validation, distress indication, and remediation
EP4167166A1 (en) 2012-02-29 2023-04-19 Apple Inc. Method, device and secure element for conducting a secured financial transaction on a device

Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5689565A (en) * 1995-06-29 1997-11-18 Microsoft Corporation Cryptography system and method for providing cryptographic services for a computer application
US6005942A (en) * 1997-03-24 1999-12-21 Visa International Service Association System and method for a multi-application smart card which can facilitate a post-issuance download of an application onto the smart card
US6216227B1 (en) * 1998-06-29 2001-04-10 Sun Microsystems, Inc. Multi-venue ticketing using smart cards
US6269396B1 (en) * 1997-12-12 2001-07-31 Alcatel Usa Sourcing, L.P. Method and platform for interfacing between application programs performing telecommunications functions and an operating system
US6296191B1 (en) * 1998-09-02 2001-10-02 International Business Machines Corp. Storing data objects in a smart card memory
US6317659B1 (en) * 1999-12-09 2001-11-13 Honeywell International Inc. Layered subsystem architecture for a flight management system
US6339765B1 (en) * 1997-11-13 2002-01-15 At&T Corp. Method and apparatus for defining private currencies
US20020029378A1 (en) * 1995-10-17 2002-03-07 Tony Ingemar Larsson System and method for reducing coupling in an object-oriented programming environment
US20020069065A1 (en) * 2000-07-20 2002-06-06 Schmid Philipp Heinz Middleware layer between speech related applications and engines
US6418420B1 (en) * 1998-06-30 2002-07-09 Sun Microsystems, Inc. Distributed budgeting and accounting system with secure token device access
US6547150B1 (en) * 1999-05-11 2003-04-15 Microsoft Corporation Smart card application development system and method
US6591229B1 (en) * 1998-10-09 2003-07-08 Schlumberger Industries, Sa Metrology device with programmable smart card
US6659345B2 (en) * 1999-12-27 2003-12-09 Hitachi, Ltd. Method of loading an application program into a smart card, smart card, method of loading scripts into a smart card, terminal device capable of operating with a smart card, and storage medium holding an application program

Family Cites Families (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6038551A (en) * 1996-03-11 2000-03-14 Microsoft Corporation System and method for configuring and managing resources on a multi-purpose integrated circuit card using a personal computer
WO1998019239A1 (en) 1996-10-25 1998-05-07 Raytheon Systems Canada Ltd. Distributed virtual software interface or machine
US6808111B2 (en) 1998-08-06 2004-10-26 Visa International Service Association Terminal software architecture for use with smart cards
CA2347684A1 (en) 1998-10-27 2000-05-04 Visa International Service Association Delegated management of smart card applications
US6633984B2 (en) * 1999-01-22 2003-10-14 Sun Microsystems, Inc. Techniques for permitting access across a context barrier on a small footprint device using an entry point object
FI114434B (en) * 1999-05-11 2004-10-15 Nokia Corp communication equipment
US20040040026A1 (en) 1999-06-08 2004-02-26 Thinkpulse, Inc. Method and System of Linking a Smart Device Description File with the Logic of an Application Program
US6467086B1 (en) 1999-07-20 2002-10-15 Xerox Corporation Aspect-oriented programming
EP1250643A2 (en) 1999-08-23 2002-10-23 Koninklijke Philips Electronics N.V. Generic interface for a software module
FR2805062B1 (en) 2000-02-10 2005-04-08 Bull Cp8 METHOD FOR TRANSMITTING HIGH-FLOW DATA STREAMS OVER AN INTERNET-TYPE NETWORK BETWEEN A SERVER AND A CHIP-CARD TERMINAL, IN PARTICULAR A MULTIMEDIA DATA STREAM
GB0011954D0 (en) 2000-05-17 2000-07-05 Univ Surrey Protocol stacks
JP2002023984A (en) * 2000-07-11 2002-01-25 Mitsumi Electric Co Ltd Radio printer switching device
TW548535B (en) 2000-10-17 2003-08-21 Ericsson Telefon Ab L M Security system
WO2002035351A1 (en) 2000-10-26 2002-05-02 Navision A/S A system and method supporting configurable object definitions

Patent Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5689565A (en) * 1995-06-29 1997-11-18 Microsoft Corporation Cryptography system and method for providing cryptographic services for a computer application
US20020029378A1 (en) * 1995-10-17 2002-03-07 Tony Ingemar Larsson System and method for reducing coupling in an object-oriented programming environment
US6005942A (en) * 1997-03-24 1999-12-21 Visa International Service Association System and method for a multi-application smart card which can facilitate a post-issuance download of an application onto the smart card
US6339765B1 (en) * 1997-11-13 2002-01-15 At&T Corp. Method and apparatus for defining private currencies
US6269396B1 (en) * 1997-12-12 2001-07-31 Alcatel Usa Sourcing, L.P. Method and platform for interfacing between application programs performing telecommunications functions and an operating system
US6216227B1 (en) * 1998-06-29 2001-04-10 Sun Microsystems, Inc. Multi-venue ticketing using smart cards
US6418420B1 (en) * 1998-06-30 2002-07-09 Sun Microsystems, Inc. Distributed budgeting and accounting system with secure token device access
US6296191B1 (en) * 1998-09-02 2001-10-02 International Business Machines Corp. Storing data objects in a smart card memory
US6591229B1 (en) * 1998-10-09 2003-07-08 Schlumberger Industries, Sa Metrology device with programmable smart card
US6547150B1 (en) * 1999-05-11 2003-04-15 Microsoft Corporation Smart card application development system and method
US6317659B1 (en) * 1999-12-09 2001-11-13 Honeywell International Inc. Layered subsystem architecture for a flight management system
US6659345B2 (en) * 1999-12-27 2003-12-09 Hitachi, Ltd. Method of loading an application program into a smart card, smart card, method of loading scripts into a smart card, terminal device capable of operating with a smart card, and storage medium holding an application program
US20020069065A1 (en) * 2000-07-20 2002-06-06 Schmid Philipp Heinz Middleware layer between speech related applications and engines

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7766237B2 (en) 2003-10-23 2010-08-03 Sony Corporation Mobile radio communication apparatus
US20090020603A1 (en) * 2004-11-30 2009-01-22 Gemplus Method, a System and a Microcontroller Card for Communicating Application Services from a Microcontroller Card to a Terminal
US8550341B2 (en) * 2004-11-30 2013-10-08 Gemalto Sa Method, a system and a microcontroller card for communicating application services from a microcontroller card to a terminal

Also Published As

Publication number Publication date
JP2005521928A (en) 2005-07-21
WO2003069922A2 (en) 2003-08-21
WO2003069922A3 (en) 2004-10-07
US7240830B2 (en) 2007-07-10
JP4554937B2 (en) 2010-09-29
EP1486081A2 (en) 2004-12-15
AU2003210252A1 (en) 2003-09-04

Similar Documents

Publication Publication Date Title
US6961587B1 (en) Storage media
US6976171B1 (en) Identification card and identification procedure
CN1214674C (en) Chip card and method for communication between external device and chip card
US7801492B2 (en) System and method for managing resources of portable module resources
EP1068753B1 (en) Communication method and apparatus
US9158598B2 (en) Apparatus, method, program and system for processing information utilizing a multi-platform capable of managing a plurality of applications
WO1998012674A2 (en) Pocket value terminal
JP4645998B2 (en) How to deploy applications from smart cards
US7240830B2 (en) Layered SIM card and security function
CN102033828B (en) Method and system for accessing external card
EP1696367A1 (en) Information display method, mobile information apparatus, and noncontact communication device
WO1999018538A1 (en) Portable ic card terminal
CN106776066A (en) Multi-system function processing method and device
US6848038B1 (en) Portable data carrier and method for using the same in a plurality of applications
US20090150987A1 (en) System and method for configuring envrionments of private system using smart card in public system
EP1804196A1 (en) Method and devices for data access in combined SIM and mass storage cards
CN110503176A (en) Smart card and smart card system
EP2291752A1 (en) Data storage device with multiple protocols for preloading data
CN1434379A (en) Method for executing operation to intelligent card from computer
WO2000045311A1 (en) A method and device for exchange of information
GB2337411A (en) Interconnect controller

Legal Events

Date Code Title Description
AS Assignment

Owner name: TELEFONAKTIEBOLAGET L M ERICSSON (PUBL), SWEDEN

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:MOLLER, BERND;ESSWEIN, MATTHIAS;SVEDENMARK, RICKARD;AND OTHERS;REEL/FRAME:014300/0874;SIGNING DATES FROM 20030509 TO 20030613

STCF Information on status: patent grant

Free format text: PATENTED CASE

CC Certificate of correction
FPAY Fee payment

Year of fee payment: 4

FPAY Fee payment

Year of fee payment: 8

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 12TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1553); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 12